[ ok ] Starting enhanced syslogd: rsyslogd.
[ 15.162477] audit: type=1400 audit(1519108350.410:5): avc: denied { syslog } for pid=3959 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 19.516587] audit: type=1400 audit(1519108354.764:6): avc: denied { map } for pid=4098 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.207' (ECDSA) to the list of known hosts.
[ 25.773662] audit: type=1400 audit(1519108361.021:7): avc: denied { map } for pid=4112 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/02/20 06:32:41 parsed 1 programs
2018/02/20 06:32:41 executed programs: 0
[ 26.039808] audit: type=1400 audit(1519108361.287:8): avc: denied { map } for pid=4112 comm="syz-execprog" path="/root/syzkaller-shm612365918" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 26.052145] IPVS: ftp: loaded support on port[0] = 21
[ 26.292985] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 26.719479]
[ 26.721138] =====================================
[ 26.725945] WARNING: bad unlock balance detected!
[ 26.730754] 4.16.0-rc2+ #320 Not tainted
[ 26.734779] -------------------------------------
[ 26.739587] syz-executor0/4120 is trying to release lock (rcu_read_lock_bh) at:
[ 26.747014] [] hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 26.753993] but there are no more locks to release!
[ 26.758976]
[ 26.758976] other info that might help us debug this:
[ 26.765611] 3 locks held by syz-executor0/4120:
[ 26.770243] #0: ((&idev->mc_ifc_timer)){+.-.}, at: [<00000000e1876ce8>] call_timer_fn+0x1c6/0x820
[ 26.779405] #1: (rcu_read_lock){....}, at: [<00000000c55beb3f>] mld_sendpack+0x180/0xe70
[ 26.787810] #2: (rcu_read_lock){....}, at: [<000000007ad3646d>] nf_hook.constprop.37+0x0/0x830
[ 26.796705]
[ 26.796705] stack backtrace:
[ 26.801173] CPU: 1 PID: 4120 Comm: syz-executor0 Not tainted 4.16.0-rc2+ #320
[ 26.808414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.817735] Call Trace:
[ 26.820286]
[ 26.822430] dump_stack+0x194/0x257
[ 26.826028] ? arch_local_irq_restore+0x53/0x53
[ 26.830680] ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 26.836102] print_unlock_imbalance_bug+0x12f/0x140
[ 26.841088] lock_release+0x6fe/0xa40
[ 26.844860] ? hashlimit_mt_common.isra.10+0x1beb/0x2610
[ 26.850293] ? lock_downgrade+0x980/0x980
[ 26.854419] ? lock_release+0xa40/0xa40
[ 26.858363] ? __raw_spin_lock_init+0x1c/0x100
[ 26.862914] ? do_raw_spin_trylock+0x190/0x190
[ 26.867469] hashlimit_mt_common.isra.10+0x1c08/0x2610
[ 26.872714] ? lock_downgrade+0x980/0x980
[ 26.876835] ? dsthash_find+0x5b0/0x5b0
[ 26.880778] ? __lock_acquire+0x664/0x3e00
[ 26.884983] ? is_bpf_text_address+0x7b/0x120
[ 26.889459] ? lock_downgrade+0x95a/0x980
[ 26.893580] ? rcutorture_record_progress+0x10/0x10
[ 26.898566] ? __kernel_text_address+0xd/0x40
[ 26.903035] ? unwind_get_return_address+0x61/0xa0
[ 26.907935] hashlimit_mt+0x78/0x90
[ 26.911529] ? hashlimit_mt+0x78/0x90
[ 26.915298] ip6t_do_table+0x98d/0x1a30
[ 26.919246] ? kmem_cache_alloc_trace+0x136/0x740
[ 26.924062] ? mld_sendpack+0x617/0xe70
[ 26.928006] ? ip6t_error+0x60/0x60
[ 26.931601] ? check_noncircular+0x20/0x20
[ 26.935806] ? lock_acquire+0x1d5/0x580
[ 26.939747] ? lock_acquire+0x1d5/0x580
[ 26.943691] ? igmp6_mcf_seq_next+0x660/0x660
[ 26.948166] ? lock_release+0xa40/0xa40
[ 26.952120] ip6table_raw_hook+0x65/0x80
[ 26.956150] nf_hook_slow+0xba/0x1a0
[ 26.959835] nf_hook.constprop.37+0x3f6/0x830
[ 26.964719] ? igmp6_mcf_seq_next+0x660/0x660
[ 26.969192] ? trace_hardirqs_on+0xd/0x10
[ 26.973310] ? __local_bh_enable_ip+0x121/0x230
[ 26.977952] ? _raw_spin_unlock_bh+0x30/0x40
[ 26.982331] ? rt6_uncached_list_add+0x1b7/0x240
[ 26.987056] ? rt6_fill_node+0x18b0/0x18b0
[ 26.991260] ? icmp6_dst_alloc+0x475/0x660
[ 26.995462] ? ip6_mc_leave_src+0x1d0/0x1d0
[ 26.999754] ? icmpv6_flow_init+0x1f6/0x270
[ 27.004058] mld_sendpack+0x6c2/0xe70
[ 27.007829] ? nf_hook.constprop.37+0x830/0x830
[ 27.012466] ? mark_held_locks+0xaf/0x100
[ 27.016582] ? trace_hardirqs_on+0xd/0x10
[ 27.020698] ? __local_bh_enable_ip+0x121/0x230
[ 27.025336] mld_ifc_timer_expire+0x3d9/0x770
[ 27.029803] call_timer_fn+0x228/0x820
[ 27.033656] ? mld_dad_timer_expire+0x100/0x100
[ 27.038295] ? process_timeout+0x40/0x40
[ 27.042324] ? __run_timers+0x7e3/0xb70
[ 27.046265] ? lock_downgrade+0x980/0x980
[ 27.050381] ? debug_object_deactivate+0x364/0x560
[ 27.055275] ? lock_release+0xa40/0xa40
[ 27.059221] ? do_raw_spin_trylock+0x190/0x190
[ 27.063770] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 27.068754] ? mld_dad_timer_expire+0x100/0x100
[ 27.073388] ? mld_dad_timer_expire+0x100/0x100
[ 27.078025] __run_timers+0x7ee/0xb70
[ 27.081795] ? trigger_dyntick_cpu.isra.29+0x150/0x150
[ 27.087049] ? timerqueue_add+0x1e9/0x280
[ 27.091165] ? check_noncircular+0x20/0x20
[ 27.095369] ? enqueue_hrtimer+0x177/0x4b0
[ 27.099570] ? lock_release+0xa40/0xa40
[ 27.103511] ? retrigger_next_event+0x1e0/0x1e0
[ 27.108152] ? find_held_lock+0x35/0x1d0
[ 27.112194] ? clockevents_program_event+0x163/0x2e0
[ 27.117264] ? lock_downgrade+0x980/0x980
[ 27.121384] ? rcu_pm_notify+0xc0/0xc0
[ 27.125241] run_timer_softirq+0x4c/0x70
[ 27.129274] __do_softirq+0x2d7/0xb85
[ 27.133058] ? ktime_get+0x26f/0x3a0
[ 27.136744] ? __irqentry_text_end+0x1f8ad4/0x1f8ad4
[ 27.141815] ? do_timer+0x50/0x50
[ 27.145241] ? native_apic_msr_write+0x5c/0x80
[ 27.149793] ? lapic_next_event+0x54/0x80
[ 27.153912] ? clockevents_program_event+0x108/0x2e0
[ 27.158984] ? tick_program_event+0x83/0x100
[ 27.163362] ? rcu_pm_notify+0xc0/0xc0
[ 27.167220] irq_exit+0x1cc/0x200
[ 27.170641] smp_apic_timer_interrupt+0x16b/0x700
[ 27.175449] ? smp_reschedule_interrupt+0xe6/0x650
[ 27.180345] ? smp_call_function_single_interrupt+0x640/0x640
[ 27.186197] ? _raw_spin_lock+0x32/0x40
[ 27.190149] ? _raw_spin_unlock+0x22/0x30
[ 27.194265] ? handle_edge_irq+0x2b4/0x7c0
[ 27.198470] ? task_prio+0x50/0x50
[ 27.201981] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.206793] apic_timer_interrupt+0x8e/0xa0
[ 27.211081]
[ 27.213287] RIP: 0010:_raw_write_unlock_irq+0x56/0x70
[ 27.218440] RSP: 0018:ffff8801bd1d73b8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff12
[ 27.226114] RAX: dffffc0000000000 RBX: ffffffff86a090c0 RCX: 0000000000000000
[ 27.233352] RDX: 1ffffffff0d592d7 RSI: 0000000000000001 RDI: ffffffff86ac96b8
[ 27.240592] RBP: ffff8801bd1d73c0 R08: 0000000000000000 R09: 0000000000000000
[ 27.247832] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801b9d6abd8
[ 27.255069] R13: dffffc0000000000 R14: ffff8801b9d6a640 R15: ffff8801b9d6a640
[ 27.262312] ? _raw_write_unlock_irq+0x27/0x70
[ 27.266863] release_task+0xe9e/0x1a40
[ 27.270722] ? delayed_put_task_struct+0x3d0/0x3d0
[ 27.275620] ? check_noncircular+0x20/0x20
[ 27.279825] ? find_held_lock+0x35/0x1d0
[ 27.283855] ? check_noncircular+0x20/0x20
[ 27.288057] ? check_noncircular+0x20/0x20
[ 27.292270] ? cputime_adjust+0x153/0x340
[ 27.296386] ? lock_downgrade+0x980/0x980
[ 27.300502] ? lock_release+0xa40/0xa40
[ 27.304446] ? find_held_lock+0x35/0x1d0
[ 27.308476] ? wait_consider_task+0x2989/0x3420
[ 27.313126] ? lock_downgrade+0x980/0x980
[ 27.317243] ? lock_downgrade+0x980/0x980
[ 27.321359] ? lock_release+0xa40/0xa40
[ 27.325302] ? do_raw_spin_trylock+0x190/0x190
[ 27.329853] ? task_cputime_adjusted+0x240/0x240
[ 27.334579] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 27.339564] wait_consider_task+0x2a10/0x3420
[ 27.344031] ? exit_notify+0xb10/0xb10
[ 27.347898] ? lock_downgrade+0x980/0x980
[ 27.352014] ? lock_release+0xa40/0xa40
[ 27.355971] ? lock_acquire+0x1d5/0x580
[ 27.359913] ? do_raw_spin_trylock+0x190/0x190
[ 27.364463] ? lock_acquire+0x1d5/0x580
[ 27.368404] ? do_wait+0x3aa/0xa70
[ 27.371916] ? lock_release+0xa40/0xa40
[ 27.375862] ? add_wait_queue+0x1a9/0x290
[ 27.379981] ? wait_woken+0x280/0x280
[ 27.383751] do_wait+0x427/0xa70
[ 27.387091] ? wait_consider_task+0x3420/0x3420
[ 27.391725] ? do_raw_spin_trylock+0x190/0x190
[ 27.396277] ? find_held_lock+0x35/0x1d0
[ 27.400308] ? lock_downgrade+0x980/0x980
[ 27.404426] kernel_wait4+0x1f5/0x370
[ 27.408194] ? SyS_waitid+0x50/0x50
[ 27.411791] ? ktime_get_ts64+0x15f/0x4d0
[ 27.415913] ? task_stopped_code+0x140/0x140
[ 27.420300] SYSC_wait4+0x134/0x140
[ 27.423896] ? kernel_wait4+0x370/0x370
[ 27.427837] ? put_timespec64+0xfc/0x180
[ 27.431872] ? nsecs_to_jiffies+0x30/0x30
[ 27.435996] ? SyS_clock_gettime+0xce/0x160
[ 27.440296] ? SyS_clock_settime+0x190/0x190
[ 27.444675] SyS_wait4+0x2c/0x40
[ 27.448011] ? SyS_wait4+0x2c/0x40
[ 27.451532] ? C_SYSC_wait4+0x140/0x140
[ 27.455475] do_syscall_64+0x280/0x940
[ 27.459336] ? __do_page_fault+0xc90/0xc90
[ 27.463540] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 27.469048] ? syscall_return_slowpath+0x550/0x550
[ 27.473946] ? syscall_return_slowpath+0x2ac/0x550
[ 27.478847] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 27.484181] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.488996] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 27.494155] RIP: 0033:0x40e0ea
[ 27.497314] RSP: 002b:00007ffc43616db8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[ 27.504991] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000040e0ea
[ 27.512231] RDX: 0000000040000001 RSI: 00007ffc43616de4 RDI: ffffffffffffffff
[ 27.519470] RBP: 00007ffc43617470 R08: 0000000000000001 R09: 0000000002939940
[ 27.526710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000084
[ 27.533947] R13: 0000000000000000 R14: 0000000000000003 R15: 0000000002939914
2018/02/20 06:32:46 executed programs: 448
2018/02/20 06:32:51 executed programs: 1072